Makefile great again

hcl2: test of new hcl2 packer templates.

12 files changed, 717 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index 0ef3cd0..8ec13af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+ansible-*
+builds/
 qemu/
 virtualbox-iso/
 vmware-iso/
diff --git a/hcl2/Makefile b/hcl2/Makefile
new file mode 100644
index 0000000..77fe366
--- /dev/null
+++ b/hcl2/Makefile
@@ -0,0 +1,287 @@
+# Simple Makefile to build base VM images using packer and ansible
+# TODO
+#	* support ssh as user instead of root
+#	* testing target
+PACKER					?= packer
+ANSIBLE_DIR_BOOT		?= ansible-dracut
+ANSIBLE_DIR_PROV		?= ansible-roles-prov
+HASHER					?= sha256sum
+SHELL					:= /usr/bin/env bash
+BUILDS					:= builds
+
+ARCH					:= $(shell uname -m | sed 's/i686/i386/')
+
+AVAILABLE_BUILDERS		:= QEMU
+BUILDER_QEMU_EXE		:= qemu-system-$(ARCH)
+BUILDER_QEMU_NAME		:= qemu
+BUILDER_QEMU_PROV		:= $(BUILDER_QEMU_NAME)
+
+BUILDERS				:= qemu
+
+override BUILDER	 = qemu
+override PROVISIONER = qemu
+
+# The packer templates, detected as *.json (excluding base.json)
+TEMPLATES := $(patsubst %/,%,$(dir $(wildcard */base.pkrvars.hcl)))
+
+# The provisioning flavors, detected as ansible-<flavor>/setup-<flavor>.yml
+# Find all paths beginnig with "ansible-" and and save this suffix in PATTERNS
+PATTERNS := $(patsubst ansible-%, %, $(wildcard ansible-*))
+# Extract <flavor> from ansible-<flavor>/setup-<flavor>.yml using PATTERNS as <flavor>
+FLAVORS :=	$(foreach p, $(PATTERNS), \
+				$(patsubst ansible-$(p)/setup-$(p).yml, $(p), \
+					$(wildcard ansible-$(p)/setup-$(p).yml)))
+# Extra flavor from variable ANSIBLE_DIR_PROV, using pattern ANSIBLE_DIR_PROV/setup-<flavor>.yml
+FLAVORS +=	$(patsubst $(ANSIBLE_DIR_PROV)/setup-%.yml,%, \
+				$(wildcard $(ANSIBLE_DIR_PROV)/setup-*.yml))
+FLAVORS := $(strip $(FLAVORS))
+
+BASETARGETS :=	$(strip $(foreach t, $(TEMPLATES), $(t)/base))
+PROVTARGETS :=	$(strip $(foreach t, $(TEMPLATES), \
+							$(foreach f, $(FLAVORS), $(t)/$(f))))
+PROVIMAGES :=	$(strip $(foreach t, $(TEMPLATES), \
+							$(foreach f, $(FLAVORS), $(t)/$(f): %/$(f): %/base)))
+REPROVTARGETS :=	$(strip $(foreach t, $(TEMPLATES), \
+								$(foreach f, $(FLAVORS), \
+									$(filter-out $(t)/$(f).latest, \
+										$(wildcard $(t)/$(f).*)))))
+COMPRESSPOSSIBLE :=	$(foreach t, $(TEMPLATES), \
+						$(foreach f, $(FLAVORS), $(wildcard $(t)/$(f).*)))
+COMPRESSTARGETS :=	$(foreach p, $(COMPRESSPOSSIBLE), $(p)/compress)
+BOOTTARGETS :=	$(foreach t, $(TEMPLATES), $(t)/base/boot)
+BOOTTARGETS +=	$(foreach p, $(PROVTARGETS), $(p)/boot)
+BOOTTARGETS :=	$(strip $(BOOTTARGETS))
+CURBOOTTARGETS :=	$(foreach p, $(REPROVTARGETS), $(p)/boot)
+BASERMTARGETS :=	$(foreach t, $(BASETARGETS),  rm/$(t))
+PROVRMTARGETS :=	$(foreach t, $(REPROVTARGETS),	rm/$(t))
+
+ifndef ANSIBLE_PROV_EXTRA_ARGS
+	ANSIBLE_PROV_EXTRA_ARGS :=
+endif
+
+ifdef DEBUG
+	VERBOSE := 1
+	ifeq ($(DEBUG),STEP)
+		override PACKER_OPTS += -debug
+	else
+		override PACKER_OPTS += -on-error=ask
+	endif
+endif
+
+ifdef FORCE
+	override PACKER_OPTS += -force
+endif
+
+ifdef WINDOW
+	override PACKER_OPTS += -var headless=false
+endif
+
+override PACKER_OPTS += -warn-on-undeclared-var
+
+# We support parallel Provisioning packer builds.
+# To ensure data consistency we save the used ansible roles before executing in
+# its own environment, tagged by the current date & time.
+TIMESTAMP := $(shell date "+%Y-%m-%d_%H-%M-%S")
+
+ifdef VERBOSE
+	$(info timestamp:			 $(TIMESTAMP))
+	$(info )
+	$(info packer: executable:	 $(PACKER))
+	$(info packer: options:		 $(PACKER_OPTS))
+	$(info hasher:				 $(HASHER))
+	$(info )
+	$(info ansible: boot:		 $(ANSIBLE_DIR_BOOT))
+	$(info ansible: flavors:	 $(FLAVORS))
+	$(info )
+	$(info builder: available:	 $(AVAILABLE_BUILDERS))
+	$(info builder: chosen:		 $(BUILDER))
+	$(info )
+	$(info targets: base:		 $(BASETARGETS))
+	$(info targets: boot:		 $(BOOTTARGETS))
+	$(info targets: provision:	 $(PROVTARGETS))
+	$(info targets: reprovision: $(REPROVTARGETS))
+	$(info )
+	override PACKER := PACKER_LOG=1 $(PACKER)
+endif
+
+.PHONY: help clean_except_last clean_bases clean_all clean_failed backinglock $(REPROVTARGETS)
+help:
+
+# Creating base images. When DRACUT_INIT is specified, the dracut module
+# repository will be initially cloned and its required components (dnbd3,
+# xmount, libxmount-qemu) will be pre-build to accelerate subsequent builds.
+$(BASETARGETS):
+	$(info ** Building template '$(@D)' using '$(BUILDER)' **)
+	$(eval INIT_TAG := $(if $(DRACUT_INIT), install, untagged))
+	$(PACKER) build -only=base.$(BUILDER).ansible \
+		$(PACKER_OPTS) \
+		-var-file=$(@D)/base.pkrvars.hcl \
+		-var http_dir=$(@D)/http \
+		-var output_directory=$(BUILDS)/$(@D)/base \
+		-var playbook_file=$(ANSIBLE_DIR_BOOT)/slx-builder.yml \
+		-var vm_name=$(@D) \
+		-var extra_ansible_args=-t,$(INIT_TAG) \
+		./
+	$(HASHER) $(BUILDS)/$(@D)/base/$(@D) >$(BUILDS)/$(@D)/base/CHECKSUM
+
+# Provisioning images
+$(PROVIMAGES)
+
+$(PROVTARGETS) $(REPROVTARGETS):
+	$(eval FLAVOR := 			$(basename $(@F)))
+	$(eval ANSIBLE_DIR_PROV :=	$(if ansible-$(FLAVOR)/setup-$(FLAVOR).yml,\
+									ansible-$(FLAVOR)))
+	$(eval VERSION := 			$(if $(suffix $(@)), $(subst .,,$(suffix $(@))), 0))
+	$(eval BASE_IMAGE :=		$(if $(wildcard $(BUILDS)/$(@)/$(@D)-$(FLAVOR)),\
+									$(BUILDS)/$(@)/$(@D)-$(FLAVOR),\
+									$(BUILDS)/$(@D)/base/$(@D)))
+	$(eval BUILD_DIR :=		 	$(BUILDS)/$(@D)/$(FLAVOR).$(TIMESTAMP))
+	$(info ** Provisioning '$(@D)' with '$(FLAVOR)' **)
+	@mkdir -p $(BUILD_DIR)
+	@cp -r `readlink -f $(ANSIBLE_DIR_PROV)` $(BUILD_DIR)/$(ANSIBLE_DIR_PROV)
+	@ln -sfn $(FLAVOR).$(TIMESTAMP) $(BUILDS)/$(@D)/$(FLAVOR).latest
+	@ln -sfr $(BUILD_DIR) $(dir $(BASE_IMAGE))/$(TIMESTAMP).backinglock
+	@-cp -r $(BUILDS)/$@/$(ANSIBLE_DIR_PROV) $(BUILD_DIR)
+	@-cp -r $(BUILDS)/$@/$(ANSIBLE_DIR_PROV).* $(BUILD_DIR)
+	$(PACKER) build -only=flavor.$(BUILDER).ansible \
+		$(PACKER_OPTS) \
+		-var disk_image=true \
+		-var iso_url=$(BASE_IMAGE) \
+		-var iso_checksum=file:$(dir $(BASE_IMAGE))CHECKSUM \
+		-var output_directory=$(BUILD_DIR)/image \
+		-var playbook_file=$(BUILD_DIR)/$(ANSIBLE_DIR_PROV)/setup-$(FLAVOR).yml \
+		-var vm_name=$(@D)-$(FLAVOR) \
+		-var extra_ansible_args=$(ANSIBLE_PROV_EXT		RA_ARGS) \
+		./
+	$(HASHER) $(BUILD_DIR)/image/$(@D)-$(FLAVOR) \
+		>$(BUILD_DIR)/image/CHECKSUM
+
+# Generating boot files
+$(BOOTTARGETS): %/boot: %
+
+$(BOOTTARGETS) $(CURBOOTTARGETS):
+	$(eval FLAVOR := 	$(notdir $(@D)))
+	$(eval BASE := 		$(patsubst %/, %, $(dir $(@D))))
+	$(eval BASE_DIR :=	$(if $(filter base, $(notdir $(BUILDS)/$(@D))),\
+							,\
+							$(if $(wildcard $(BUILDS)/$(@D)/image/.),\
+								$(BUILDS)/$(@D),\
+								$(BUILDS)/$(@D).$(TIMESTAMP))))
+	$(eval BUILD_DIR := $(if $(BASE_DIR)/image,\
+							$(BASE_DIR)/image,\
+							$(BUILDS)/$(@D)))
+	$(eval BUILD_DIR :=	$(if $(filter $(@), $(CURBOOTTARGETS)),\
+							$(BASE_DIR)/image,\
+							$(BUILD_DIR)))
+	$(info ** Generating boot files for '$(BUILD_DIR)')
+	$(PACKER) build -only=flavor.$(BUILDER).ansible \
+		$(PACKER_OPTS) \
+		-var disk_image=true \
+		-var iso_url=$(BUILD_DIR)/$(BASE)-$(FLAVOR) \
+		-var iso_checksum=file:$(dir $(BUILD_DIR))image/CHECKSUM \
+		-var output_directory=$(BUILD_DIR)/tmp \
+		-var playbook_file=$(ANSIBLE_DIR_BOOT)/slx-builder.yml \
+		-var vm_name=$(BASE)-$(FLAVOR).tmp \
+		-var extra_ansible_args=-t,install,-t,build \
+		-var extra_ansible_args=$(ANSIBLE_PROV_EXTRA_ARGS) \
+		./
+	@mkdir -p $(BUILD_DIR)/boot
+	@mv -f $(ANSIBLE_DIR_BOOT)/boot_files/* $(BUILD_DIR)/boot
+	$(if $(DEBUG),,@rm -rf $(BUILD_DIR)/tmp)
+
+# Safe removal of images
+$(BASERMTARGETS):
+rm/%: %/*.backinglock
+	$(eval BUILD_DIR := $(subst rm/,,$(@)))
+	@rm -rf $(BUILD_DIR)
+
+$(PROVRMTARGETS):
+rm/%: %/build/*.backinglock
+	$(eval BUILD_DIR := 	$(subst rm/,,$(@))/build)
+	$(eval FATHER_BUILD := 	$(dir $(shell qemu-img info $(BUILD_DIR)/rootfs-image | grep "backing file" | cut -d\  -f3-)))
+	$(eval BUILD_TIME := 	$(subst .,,$(suffix $(@))))
+	@rm -rf $(FATHER_BUILD)/$(BUILD_TIME).backinglock
+	@rm -rf $(BUILD_DIR)
+
+%.backinglock: backinglock
+	@qemu-img convert -f qcow2 $(@)/build/rootfs-image -O qcow2 $(@)/build/rootfs-image.tmp
+	@rm $(@)/build/rootfs-image
+	@mv $(@)/build/rootfs-image.tmp $(@)/build/rootfs-image
+	@rm $(@)
+
+backinglock:
+
+clean_except_last:
+	@-$(foreach template,$(TEMPLATES),\
+		$(eval exclusions := $(shell test -d $(template) && \
+										find $(template) \
+											-maxdepth 1 \
+											-type l \
+											-print0 \
+										| xargs -r -0 -n1 readlink))\
+		test -d $(template) && \
+			find $(template)/* \
+				-maxdepth 0 \
+				-type d \
+				$(foreach file,$(exclusions),-not -name $(file) ) \
+				-not -name base \
+				-print0 \
+			| xargs -r -0 -n1 rm -rf; )
+
+clean_failed:
+	@-$(foreach template,$(TEMPLATES),\
+		test -d $(template) && \
+			find $(template)/* \
+				-maxdepth 0 \
+				-type d \
+				-not -name base \
+				-print0 \
+			| xargs -r -0 -n1 -i \
+				$(SHELL) -c 'test -d "{}/build" || rm -rf "{}"'; )
+
+clean_bases:
+	@-$(foreach template,$(TEMPLATES),\
+		test -d $(template) && rm -rf $(template)/base;)
+
+clean_all:
+	@-$(foreach template,$(TEMPLATES),\
+		test -d $(template) && rm -rf $(template);)
+
+help:
+	@printf "Usage:\n\tmake <template>/<flavor>[/boot]\n"
+	@printf "\n"
+	@printf "Base images targets:\n"
+	@for T in $(BASETARGETS); do printf "\t%s\n" "$$T"; done
+	@printf "\n"
+	@printf "Provisioning images targets:\n"
+	@for P in $(PROVTARGETS); do printf "\t%s\n" "$$P"; done
+	@for P in $(REPROVTARGETS); do printf "\t%s\n" "$$P"; done
+	@printf "\n"
+	@printf "Generate boot files targets:\n"
+	@printf "\t<{base,provisioning}_target>/boot\n"
+	@printf "\n"
+	@printf "Commiting backing files and Compressing targets:"
+	@for C in $(COMPRESSTARGETS); do printf "\t%s\n" "$$C"; done
+	@printf "\n"
+	@printf "For safely removing targets:\n"
+	@printf "\trm/<target>\n"
+	@printf "\n"
+	@printf "Available options are:\n"
+	@printf "\tANSIBLE_DIR_BOOT:\tSet directory with ansible roles for building initramfs (def: ansible-dracut)\n"
+	@printf "\tANSIBLE_DIR_PROV:\tSet directory with ansible roles for provisioning (def: ansible-roles-prov)\n"
+	@printf "\tDEBUG:\t\t\tEnable debug mode in packer (sets VERBOSE=1)\n"
+	@printf "\t\tDEBUG=1\t\tEnable enhanced on-error handling\n"
+	@printf "\t\tDEBUG=STEP\tEnable step by step debugging in packer\n"
+	@printf "\tFORCE=1:\t\tOverwrite existing builds\n"
+	@printf "\tPACKER:\t\t\tSet packer executable (def: packer)\n"
+	@printf "\tPACKER_OPTS:\t\tSet packer options\n"
+	@printf "\tVERBOSE=1:\t\tEnable verbose output\n"
+	@printf "\tWINDOW:\t\t\tDisable headless mode\n"
+	@printf "\tPKR_VAR_<VAR>=<VAL>:\tSet a packer variable <VAR>=<VAL>\n"
+	@printf "\tPKR_VAR_headless=false:\tDisable headless mode\n"
+	@printf "\n"
+	@printf "Clean targets are:\n"
+	@printf "\tclean_except_last\n"
+	@printf "\tclean_failed\n"
+	@printf "\tclean_bases\n"
+	@printf "\tclean_all\n"
diff --git a/hcl2/alma-9-x86_64/base.pkrvars.hcl b/hcl2/alma-9-x86_64/base.pkrvars.hcl
new file mode 100644
index 0000000..ff70933
--- /dev/null
+++ b/hcl2/alma-9-x86_64/base.pkrvars.hcl
@@ -0,0 +1,19 @@
+# Read the variables type constraints documentation
+# https://www.packer.io/docs/templates/hcl_templates/variables#type-constraints
+# for more info.
+
+# Following variables will be defined though Makefile:
+# http_dir=$(@D)/http
+# output_directory=builds/$(@D)/base
+# playbook=$(ANSIBLE_DIR_CORE)/slx-builder.yml
+# vm_name=$(@D)
+
+boot_command        = [
+                       "<esc><wait>",
+                       "linux inst.cmdline biosdevname=0 net.ifnames=0 ",
+                       "rootpw=secret ",
+                       "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/anaconda-ks.cfg",
+                       "<enter>"
+                      ]
+iso_checksum        = "file:https://mirror1.hs-esslingen.de/pub/Mirrors/almalinux/9/isos/x86_64/CHECKSUM"
+iso_url             = "https://mirror1.hs-esslingen.de/pub/Mirrors/almalinux/9/isos/x86_64/AlmaLinux-9-latest-x86_64-minimal.iso"
diff --git a/hcl2/alma-9-x86_64/http/anaconda-ks.cfg b/hcl2/alma-9-x86_64/http/anaconda-ks.cfg
new file mode 100644
index 0000000..47ac4cd
--- /dev/null
+++ b/hcl2/alma-9-x86_64/http/anaconda-ks.cfg
@@ -0,0 +1,56 @@
+clearpart --none --initlabel
+bootloader --location=mbr --boot-drive=sda
+part biosboot --fstype=biosboot --ondisk=sda --size=1
+part / --fstype=xfs --asprimary --ondisk=sda --grow --label=SLX_SYS
+lang en_US.UTF-8
+keyboard --vckeymap=us --xlayouts='us'
+timezone Europe/Berlin --isUtc --nontp
+text
+reboot
+
+%packages
+@core
+%end
+
+%pre --interpreter=/usr/bin/perl
+use strict;
+use warnings;
+use feature 'say';
+
+open(my $fp, '<', '/proc/cmdline') or die $!;
+chomp(my $line = scalar <$fp>);
+close($fp);
+
+my @tokens = map {/^rootpw=(.*)/ ? $1 : () }
+             split / /, $line;
+
+exit if @tokens < 1;
+
+my $pw = crypt($tokens[0], "\$6\$1U9v8hxj6xmYNJBA\$");
+
+open($fp, '>', '/tmp/setup-root-pass') or die $!;
+say $fp "rootpw --iscrypted $pw";
+close($fp);
+%end
+
+%include /tmp/setup-root-pass
+
+%post --erroronfail
+set -x
+parted -s /dev/sda -- name 2 SLX_SYS
+dnf -y install epel-release
+dnf -y update
+dnf clean all
+
+# allow root login for ansible
+sed -i 's,^[[:blank:]]*#*PermitRootLogin.*,PermitRootLogin yes,g' /etc/ssh/sshd_config
+
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+EOF
+set +x
+%end
diff --git a/hcl2/base.pkr.hcl b/hcl2/base.pkr.hcl
new file mode 100644
index 0000000..0a7ec92
--- /dev/null
+++ b/hcl2/base.pkr.hcl
@@ -0,0 +1,25 @@
+# A build block invokes sources and runs provisioning steps on them.
+# The documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+
+packer {
+  required_plugins {
+    qemu = {
+      source  = "github.com/hashicorp/qemu"
+      version = "~> 1"
+    }
+    ansible = {
+      source  = "github.com/hashicorp/ansible"
+      version = "~> 1"
+    }
+  }
+}
+
+build {
+  name    = "base"
+  sources = ["source.qemu.ansible"]
+  
+  post-processor "manifest" {
+    output = "${var.output_directory}/manifest.json"
+  }
+}
diff --git a/hcl2/centos-9-x86_64/base.pkrvars.hcl b/hcl2/centos-9-x86_64/base.pkrvars.hcl
new file mode 100644
index 0000000..b342a37
--- /dev/null
+++ b/hcl2/centos-9-x86_64/base.pkrvars.hcl
@@ -0,0 +1,19 @@
+# Read the variables type constraints documentation
+# https://www.packer.io/docs/templates/hcl_templates/variables#type-constraints
+# for more info.
+
+# Following variables will be defined though Makefile:
+# http_dir=$(@D)/http
+# output_directory=builds/$(@D)/base
+# playbook=$(ANSIBLE_DIR_CORE)/slx-builder.yml
+# vm_name=$(@D)
+
+boot_command        = [
+                       "<esc><wait>",
+                       "linux inst.cmdline biosdevname=0 net.ifnames=0 ",
+                       "rootpw=secret ",
+                       "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/anaconda-ks.cfg",
+                       "<enter>"
+                      ]
+iso_checksum        = "file:https://mirror1.hs-esslingen.de/pub/Mirrors/centos-stream/9-stream/BaseOS/x86_64/iso/CHECKSUM"
+iso_url             = "https://mirror1.hs-esslingen.de/pub/Mirrors/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-boot.iso"
diff --git a/hcl2/centos-9-x86_64/http/anaconda-ks.cfg b/hcl2/centos-9-x86_64/http/anaconda-ks.cfg
new file mode 100644
index 0000000..47ac4cd
--- /dev/null
+++ b/hcl2/centos-9-x86_64/http/anaconda-ks.cfg
@@ -0,0 +1,56 @@
+clearpart --none --initlabel
+bootloader --location=mbr --boot-drive=sda
+part biosboot --fstype=biosboot --ondisk=sda --size=1
+part / --fstype=xfs --asprimary --ondisk=sda --grow --label=SLX_SYS
+lang en_US.UTF-8
+keyboard --vckeymap=us --xlayouts='us'
+timezone Europe/Berlin --isUtc --nontp
+text
+reboot
+
+%packages
+@core
+%end
+
+%pre --interpreter=/usr/bin/perl
+use strict;
+use warnings;
+use feature 'say';
+
+open(my $fp, '<', '/proc/cmdline') or die $!;
+chomp(my $line = scalar <$fp>);
+close($fp);
+
+my @tokens = map {/^rootpw=(.*)/ ? $1 : () }
+             split / /, $line;
+
+exit if @tokens < 1;
+
+my $pw = crypt($tokens[0], "\$6\$1U9v8hxj6xmYNJBA\$");
+
+open($fp, '>', '/tmp/setup-root-pass') or die $!;
+say $fp "rootpw --iscrypted $pw";
+close($fp);
+%end
+
+%include /tmp/setup-root-pass
+
+%post --erroronfail
+set -x
+parted -s /dev/sda -- name 2 SLX_SYS
+dnf -y install epel-release
+dnf -y update
+dnf clean all
+
+# allow root login for ansible
+sed -i 's,^[[:blank:]]*#*PermitRootLogin.*,PermitRootLogin yes,g' /etc/ssh/sshd_config
+
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+EOF
+set +x
+%end
diff --git a/hcl2/flavor.pkr.hcl b/hcl2/flavor.pkr.hcl
new file mode 100644
index 0000000..974bf32
--- /dev/null
+++ b/hcl2/flavor.pkr.hcl
@@ -0,0 +1,28 @@
+# A build block invokes sources and runs provisioning steps on them.
+# The documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+
+// packer {
+//   required_plugins {
+//     qemu = {
+//       source  = "github.com/hashicorp/qemu"
+//       version = "~> 1"
+//     }
+//     ansible = {
+//       source  = "github.com/hashicorp/ansible"
+//       version = "~> 1"
+//     }
+//   }
+// }
+
+build {
+  name    = "flavor"
+  sources = ["source.qemu.ansible"]
+
+  provisioner "ansible" {
+    extra_arguments = ["--ssh-extra-args", "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa", "--scp-extra-args", "\"-O\""]
+    playbook_file   = "${var.playbook_file}"
+    sftp_command    = "/usr/libexec/openssh/sftp-server"
+    use_sftp        = false
+  }
+}
diff --git a/hcl2/rocky-9-x86_64/base.pkrvars.hcl b/hcl2/rocky-9-x86_64/base.pkrvars.hcl
new file mode 100644
index 0000000..9406323
--- /dev/null
+++ b/hcl2/rocky-9-x86_64/base.pkrvars.hcl
@@ -0,0 +1,19 @@
+# Read the variables type constraints documentation
+# https://www.packer.io/docs/templates/hcl_templates/variables#type-constraints
+# for more info.
+
+# Following variables will be defined though Makefile:
+# http_dir=$(@D)/http
+# output_directory=builds/$(@D)/base
+# playbook=$(ANSIBLE_DIR_CORE)/slx-builder.yml
+# vm_name=$(@D)
+
+boot_command        = [
+                       "<esc><wait>",
+                       "linux inst.cmdline biosdevname=0 net.ifnames=0 ",
+                       "rootpw=secret ",
+                       "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/anaconda-ks.cfg",
+                       "<enter>"
+                      ]
+iso_checksum        = "file:https://mirror1.hs-esslingen.de/pub/Mirrors/rocky/9/isos/x86_64/CHECKSUM"
+iso_url             = "https://mirror1.hs-esslingen.de/pub/Mirrors/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-minimal.iso"
diff --git a/hcl2/rocky-9-x86_64/http/anaconda-ks.cfg b/hcl2/rocky-9-x86_64/http/anaconda-ks.cfg
new file mode 100644
index 0000000..47ac4cd
--- /dev/null
+++ b/hcl2/rocky-9-x86_64/http/anaconda-ks.cfg
@@ -0,0 +1,56 @@
+clearpart --none --initlabel
+bootloader --location=mbr --boot-drive=sda
+part biosboot --fstype=biosboot --ondisk=sda --size=1
+part / --fstype=xfs --asprimary --ondisk=sda --grow --label=SLX_SYS
+lang en_US.UTF-8
+keyboard --vckeymap=us --xlayouts='us'
+timezone Europe/Berlin --isUtc --nontp
+text
+reboot
+
+%packages
+@core
+%end
+
+%pre --interpreter=/usr/bin/perl
+use strict;
+use warnings;
+use feature 'say';
+
+open(my $fp, '<', '/proc/cmdline') or die $!;
+chomp(my $line = scalar <$fp>);
+close($fp);
+
+my @tokens = map {/^rootpw=(.*)/ ? $1 : () }
+             split / /, $line;
+
+exit if @tokens < 1;
+
+my $pw = crypt($tokens[0], "\$6\$1U9v8hxj6xmYNJBA\$");
+
+open($fp, '>', '/tmp/setup-root-pass') or die $!;
+say $fp "rootpw --iscrypted $pw";
+close($fp);
+%end
+
+%include /tmp/setup-root-pass
+
+%post --erroronfail
+set -x
+parted -s /dev/sda -- name 2 SLX_SYS
+dnf -y install epel-release
+dnf -y update
+dnf clean all
+
+# allow root login for ansible
+sed -i 's,^[[:blank:]]*#*PermitRootLogin.*,PermitRootLogin yes,g' /etc/ssh/sshd_config
+
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+EOF
+set +x
+%end
diff --git a/hcl2/source.pkr.hcl b/hcl2/source.pkr.hcl
new file mode 100644
index 0000000..34c1d2e
--- /dev/null
+++ b/hcl2/source.pkr.hcl
@@ -0,0 +1,26 @@
+# A build block runs provisioner and post-processors on a source.
+# Read the documentation for source blocks here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/source
+
+source "qemu" "ansible" {
+  accelerator      = "${var.accelerator}"
+  boot_command     = "${var.boot_command}"
+  boot_wait        = "${var.boot_wait}"
+  disk_image       = "${var.disk_image}"
+  disk_interface   = "${var.disk_interface}"
+  disk_size        = "${var.disk_size}"
+  format           = "${var.format}"
+  headless         = "${var.headless}"
+  http_directory   = "${var.http_dir}"
+  iso_checksum     = "${var.iso_checksum}"
+  iso_url          = "${var.iso_url}"
+  output_directory = "${var.output_directory}"
+  qemuargs         = "${var.qemuargs}"
+  shutdown_command = "${var.shutdown_command}"
+  skip_compaction  = "${var.skip_compaction}"
+  ssh_password     = "${var.ssh_password}"
+  ssh_timeout      = "${var.ssh_timeout}"
+  ssh_username     = "${var.ssh_username}"
+  use_backing_file = "${var.use_backing_file}"
+  vm_name          = "${var.vm_name}"
+}
diff --git a/hcl2/variables.pkr.hcl b/hcl2/variables.pkr.hcl
new file mode 100644
index 0000000..1c49a48
--- /dev/null
+++ b/hcl2/variables.pkr.hcl
@@ -0,0 +1,124 @@
+# Read the variables type constraints documentation
+# https://www.packer.io/docs/templates/hcl_templates/variables#type-constraints
+# for more info.
+
+variable "accelerator" {
+  type      = string
+  default   = "kvm"
+}
+
+variable "base_dir" {
+  type      = string
+  default   = null
+}
+
+variable "boot_command" {
+  type      = list(string)
+  sensitive = true
+  default   = null
+}
+
+variable "boot_wait" {
+  type      = string
+  default   = "5s"
+}
+
+variable "disk_image" {
+  type      = bool
+  default   = false
+}
+
+variable "disk_interface" {
+  type      = string
+  default   = "virtio-scsi"
+}
+
+variable "disk_size" {
+  type      = string
+  default   = "20G"
+}
+
+variable "extra_ansible_args" {
+  type      = string
+  default   = null
+}
+
+variable "format" {
+  type      = string
+  default   = "qcow2"
+}
+
+variable "headless" {
+  type      = bool
+  default   = true
+}
+
+variable "http_dir" {
+  type      = string
+  default   = null
+}
+
+variable "iso_checksum" {
+  type      = string
+  default   = null
+}
+
+variable "iso_url" {
+  type      = string
+  default   = null
+}
+
+variable "output_directory" {
+  type      = string
+  default   = null
+}
+
+variable "playbook_file" {
+  type      = string
+  default   = null
+}
+
+variable "qemuargs" {
+  type      = list(tuple([string, string]))
+  default   = [
+               ["-cpu", "host"],
+               ["-m", "4096"],
+               ["-smp", "2"]
+              ]
+}
+
+variable "shutdown_command" {
+  type      = string
+  default   = "systemctl poweroff"
+}
+
+variable "skip_compaction" {
+  type      = bool
+  default   = true
+}
+
+variable "ssh_password" {
+  type      = string
+  sensitive = true
+  default   = "secret"
+}
+
+variable "ssh_timeout" {
+  type      = string
+  default   = "60m"
+}
+
+variable "ssh_username" {
+  type      = string
+  default   = "root"
+}
+
+variable "use_backing_file" {
+  type      = bool
+  default   = false
+}
+
+variable "vm_name" {
+  type      = string
+  default   = null
+}